"Stealing" an outside domain within a LAN

tsar.peter at gmail.com
Mon Nov 20 22:08:54 UTC 2006

Wes Groleau wrote:
> I am successfully running BIND 9.2.2 on MacOS 10.3.9
> to give all my machines 192.168 addresses with a TLD
> of "local".
> But I also want to "shanghai" some unsavory
> malware domains.  In other words,
> if my Windows box asks the Mac for
> subdom.I-spy.com the Mac should return
> "not found" instead of going out to the
> root nameservers.
> How do I do that?
> I should be able to just put them in my hosts file,
> but (1) that won't catch any subdomains I didn't predict
> and (2) there seems to be a bug in this version of Mac OS
> in that it ignores the config file commands to use
> /etc/hosts first and goes to DNS instead.

You already have BIND running, and all you have to do is create the
offending zone and a zone file containing only SOA and an NS record.
All clients using this server as nameserver will "see" the contents of
your zone instead of the real one.

Just make sure all clients only use your nameserver(s)!
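The setup described in the reply above, as an added example that is not part of the original post: a shell script that prints one shared SOA+NS zone file and a `named.conf` zone statement per unwanted domain, so any name under those zones gets NXDOMAIN from the local server. It generalizes from one zone to a list; the file name `db.sinkhole`, the function names and the second domain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). File name and list are constructed.

# One shared zone file: only SOA and NS, written with "@" so any zone can load it.
sinkhole_zone_file() {
cat <<'EOF'
$TTL 86400
@   IN  SOA localhost. root.localhost. (
        1       ; serial
        3600    ; refresh
        900     ; retry
        604800  ; expire
        86400 ) ; negative-cache TTL
@   IN  NS  localhost.
EOF
}

# Print a named.conf zone statement for one domain. Anything that is not a
# plain hostname is rejected so a bad list entry cannot break the quoting.
zone_stanza() {
    domain=$1
    zonefile=$2
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*..*)
            echo "skipping invalid domain: $domain" >&2
            return 1 ;;
    esac
    printf 'zone "%s" {\n    type master;\n    file "%s";\n};\n' "$domain" "$zonefile"
}

# Read a newline-separated domain list on stdin and print one stanza per valid name.
build_stanzas() {
    zonefile=$1
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        zone_stanza "$d" "$zonefile" || true
    done
}

# Demo with a constructed list (the first name is the one from the question).
sinkhole_zone_file
printf 'I-spy.com\nexample.invalid\n' | build_stanzas "db.sinkhole"
```

Save the first part of the output as the zone file in BIND's working directory and append the stanzas to `named.conf`, then check with `named-checkconf` before reloading.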

